Heads-Up Apple Users, Cthulhu Stealer Malware For macOS Is Targeting You
As with most malware, the first thing Cthulhu Stealer does when the malicious app is opened is ask for the user's password. This is a key step, because the threat actors need this information to achieve their goals. It is especially effective on macOS, where the operating system itself often asks for the password before granting access to certain parts of the system.
Some goals of the threat actors making use of Cthulhu Stealer are “to steal credentials and cryptocurrency wallets from various stores, including game accounts.” The wallets targeted by the malware include Coinbase Wallet, Wasabi Wallet, Atomic Wallet and Electrum Wallet. It also attempts to steal data from Battle.net accounts, including game cache and log data.
While there isn’t much information as to how this malware is distributed just yet, it’s highly probable that it’s being offered to users as pirated, highly discounted, or free software. All of the software that it mimics requires some form of payment for users to get access. It’s important to keep in mind that if software that normally costs money or requires a subscription is being offered for “free”, there is a real risk of being hit with malware that steals personal data. It’s best to stick to the Apple App Store or download directly from the software vendor’s website.